ITS: Set features with config header file
Signed-off-by: Xinyu Zhang <xinyu.zhang@arm.com>
Change-Id: If687f26760b554790ef5c18be78bfc88ca7e00de
diff --git a/config/config_base.cmake b/config/config_base.cmake
index 4e3ddf7..098a162 100755
--- a/config/config_base.cmake
+++ b/config/config_base.cmake
@@ -117,13 +117,6 @@
set(PS_STACK_SIZE "0x700" CACHE STRING "The stack size of the Protected Storage Secure Partition")
set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE OFF CACHE BOOL "Enable Internal Trusted Storage partition")
-set(ITS_CREATE_FLASH_LAYOUT ON CACHE BOOL "Create flash FS if it doesn't exist for Internal Trusted Storage partition")
-set(ITS_RAM_FS OFF CACHE BOOL "Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition")
-set(ITS_VALIDATE_METADATA_FROM_FLASH ON CACHE BOOL "Validate filesystem metadata every time it is read from flash")
-set(ITS_MAX_ASSET_SIZE "512" CACHE STRING "The maximum asset size to be stored in the Internal Trusted Storage area")
-set(ITS_NUM_ASSETS "10" CACHE STRING "The maximum number of assets to be stored in the Internal Trusted Storage area")
-set(ITS_BUF_SIZE "" CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
-set(ITS_STACK_SIZE "0x720" CACHE STRING "The stack size of the Internal Trusted Storage Secure Partition")
set(TFM_PARTITION_CRYPTO OFF CACHE BOOL "Enable Crypto partition")
set(CRYPTO_TFM_BUILTIN_KEYS_DRIVER ON CACHE BOOL "Whether to allow crypto service to store builtin keys. Without this, ALL builtin keys must be stored in a platform-specific location")
diff --git a/config/config_base.h b/config/config_base.h
index 501fcb6..2450fdc 100644
--- a/config/config_base.h
+++ b/config/config_base.h
@@ -97,4 +97,30 @@
/* Set the initial attestation token profile */
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+/* ITS Partition Configs */
+
+/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#define ITS_CREATE_FLASH_LAYOUT 1
+
+/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#define ITS_RAM_FS 0
+
+/* Validate filesystem metadata every time it is read from flash */
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+
+/* The maximum asset size to be stored in the Internal Trusted Storage */
+#define ITS_MAX_ASSET_SIZE 512
+
+/*
+ * Size of the ITS internal data transfer buffer
+ * (Default to the max asset size so that all requests can be handled in one iteration.)
+ */
+#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE
+
+/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#define ITS_NUM_ASSETS 10
+
+/* The stack size of the Internal Trusted Storage Secure Partition */
+#define ITS_STACK_SIZE 0x720
+
#endif /* __CONFIG_BASE_H__ */
diff --git a/config/profile/config_profile_large.h b/config/profile/config_profile_large.h
index 9ee21e1..12d3047 100644
--- a/config/profile/config_profile_large.h
+++ b/config/profile/config_profile_large.h
@@ -97,4 +97,30 @@
/* Set the initial attestation token profile */
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+/* ITS Partition Configs */
+
+/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#define ITS_CREATE_FLASH_LAYOUT 1
+
+/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#define ITS_RAM_FS 0
+
+/* Validate filesystem metadata every time it is read from flash */
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+
+/* The maximum asset size to be stored in the Internal Trusted Storage */
+#define ITS_MAX_ASSET_SIZE 512
+
+/*
+ * Size of the ITS internal data transfer buffer
+ * (Default to the max asset size so that all requests can be handled in one iteration.)
+ */
+#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE
+
+/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#define ITS_NUM_ASSETS 10
+
+/* The stack size of the Internal Trusted Storage Secure Partition */
+#define ITS_STACK_SIZE 0x720
+
#endif /* __CONFIG_PROFILE_LARGE_H__ */
diff --git a/config/profile/config_profile_medium.h b/config/profile/config_profile_medium.h
index a8bf346..4c3d8e8 100644
--- a/config/profile/config_profile_medium.h
+++ b/config/profile/config_profile_medium.h
@@ -97,4 +97,27 @@
/* Set the initial attestation token profile */
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+/* ITS Partition Configs */
+
+/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#define ITS_CREATE_FLASH_LAYOUT 1
+
+/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#define ITS_RAM_FS 0
+
+/* Validate filesystem metadata every time it is read from flash */
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+
+/* The maximum asset size to be stored in the Internal Trusted Storage */
+#define ITS_MAX_ASSET_SIZE 512
+
+/* Size of the ITS internal data transfer buffer */
+#define ITS_BUF_SIZE 32
+
+/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#define ITS_NUM_ASSETS 10
+
+/* The stack size of the Internal Trusted Storage Secure Partition */
+#define ITS_STACK_SIZE 0x720
+
#endif /* __CONFIG_PROFILE_MEDIUM_H__ */
diff --git a/config/profile/config_profile_medium_arotless.h b/config/profile/config_profile_medium_arotless.h
index 6fe338b..69d0bfa 100644
--- a/config/profile/config_profile_medium_arotless.h
+++ b/config/profile/config_profile_medium_arotless.h
@@ -97,4 +97,27 @@
/* Set the initial attestation token profile */
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+/* ITS Partition Configs */
+
+/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#define ITS_CREATE_FLASH_LAYOUT 1
+
+/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#define ITS_RAM_FS 0
+
+/* Validate filesystem metadata every time it is read from flash */
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+
+/* The maximum asset size to be stored in the Internal Trusted Storage */
+#define ITS_MAX_ASSET_SIZE 512
+
+/* Size of the ITS internal data transfer buffer */
+#define ITS_BUF_SIZE 32
+
+/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#define ITS_NUM_ASSETS 10
+
+/* The stack size of the Internal Trusted Storage Secure Partition */
+#define ITS_STACK_SIZE 0x720
+
#endif /* __CONFIG_PROFILE_MEDIUM_AROTLESS_H__ */
diff --git a/config/profile/config_profile_small.h b/config/profile/config_profile_small.h
index 368b5e6..dc5c73a 100644
--- a/config/profile/config_profile_small.h
+++ b/config/profile/config_profile_small.h
@@ -94,4 +94,27 @@
/* Set the initial attestation token profile */
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+/* ITS Partition Configs */
+
+/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#define ITS_CREATE_FLASH_LAYOUT 1
+
+/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#define ITS_RAM_FS 0
+
+/* Validate filesystem metadata every time it is read from flash */
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+
+/* The maximum asset size to be stored in the Internal Trusted Storage */
+#define ITS_MAX_ASSET_SIZE 512
+
+/* Size of the ITS internal data transfer buffer */
+#define ITS_BUF_SIZE 32
+
+/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#define ITS_NUM_ASSETS 10
+
+/* The stack size of the Internal Trusted Storage Secure Partition */
+#define ITS_STACK_SIZE 0x720
+
#endif /* __CONFIG_PROFILE_SMALL_H__ */
diff --git a/config/profile/profile_medium.cmake b/config/profile/profile_medium.cmake
index f6fda19..0d4fd51 100644
--- a/config/profile/profile_medium.cmake
+++ b/config/profile/profile_medium.cmake
@@ -25,7 +25,6 @@
################################## Advanced options #############################
-set(ITS_BUF_SIZE 32 CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
set(PS_CRYPTO_AEAD_ALG PSA_ALG_CCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in protected storage")
################################## Dependencies ################################
diff --git a/config/profile/profile_medium_arotless.cmake b/config/profile/profile_medium_arotless.cmake
index 0dd5b22..74a3fcd 100755
--- a/config/profile/profile_medium_arotless.cmake
+++ b/config/profile/profile_medium_arotless.cmake
@@ -24,7 +24,6 @@
################################## Advanced options #############################
-set(ITS_BUF_SIZE 32 CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
set(PS_CRYPTO_AEAD_ALG PSA_ALG_CCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in protected storage")
################################## Dependencies ################################
diff --git a/config/profile/profile_small.cmake b/config/profile/profile_small.cmake
index 4d35712..c8ec10e 100644
--- a/config/profile/profile_small.cmake
+++ b/config/profile/profile_small.cmake
@@ -27,7 +27,6 @@
set(PSA_FRAMEWORK_HAS_MM_IOVEC ON CACHE BOOL "Enable MM-IOVEC")
set(CONFIG_TFM_CONN_HANDLE_MAX_NUM 3 CACHE STRING "The maximal number of secure services that are connected or requested at the same time")
-set(ITS_BUF_SIZE 32 CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately")
################################## Dependencies ################################
diff --git a/config/tests/config_test_psa_api.cmake b/config/tests/config_test_psa_api.cmake
index aabca3c..d6b7944 100644
--- a/config/tests/config_test_psa_api.cmake
+++ b/config/tests/config_test_psa_api.cmake
@@ -6,13 +6,6 @@
#------------------------------------------------------------------------------
############ Override defaults for PSA API tests ##############################
-
-# When building for the PSA Crypto API tests, ensure the ITS max asset size is
-# set to at least the size of the largest asset created by the tests
-if (("${TEST_PSA_API}" STREQUAL "CRYPTO") AND NOT (ITS_MAX_ASSET_SIZE GREATER 1229))
- set(ITS_MAX_ASSET_SIZE "1229" CACHE STRING "The maximum asset size to be stored in the Internal Trusted Storage area")
-endif()
-
if ("${TEST_PSA_API}" STREQUAL "IPC")
# PSA Arch test partitions only support IPC model so far
set(CONFIG_TFM_SPM_BACKEND "IPC" CACHE STRING "The SPM backend [IPC, SFN]")
@@ -41,4 +34,8 @@
set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable Platform partition")
endif()
-set(PROJECT_CONFIG_HEADER_FILE "${CMAKE_SOURCE_DIR}/config/tests/config_test_psa_api.h" CACHE FILEPATH "User defined header file for TF-M config")
+if ("${TEST_PSA_API}" STREQUAL "CRYPTO")
+ set(PROJECT_CONFIG_HEADER_FILE "${CMAKE_SOURCE_DIR}/config/tests/config_test_psa_api_crypto.h" CACHE FILEPATH "User defined header file for TF-M config")
+else()
+ set(PROJECT_CONFIG_HEADER_FILE "${CMAKE_SOURCE_DIR}/config/tests/config_test_psa_api.h" CACHE FILEPATH "User defined header file for TF-M config")
+endif()
diff --git a/config/tests/config_test_psa_api.h b/config/tests/config_test_psa_api.h
index 816b62c..ba0f675 100644
--- a/config/tests/config_test_psa_api.h
+++ b/config/tests/config_test_psa_api.h
@@ -97,4 +97,30 @@
/* Set the initial attestation token profile */
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+/* ITS Partition Configs */
+
+/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#define ITS_CREATE_FLASH_LAYOUT 1
+
+/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#define ITS_RAM_FS 0
+
+/* Validate filesystem metadata every time it is read from flash */
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+
+/* The maximum asset size to be stored in the Internal Trusted Storage */
+#define ITS_MAX_ASSET_SIZE 512
+
+/*
+ * Size of the ITS internal data transfer buffer
+ * (Default to the max asset size so that all requests can be handled in one iteration.)
+ */
+#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE
+
+/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#define ITS_NUM_ASSETS 10
+
+/* The stack size of the Internal Trusted Storage Secure Partition */
+#define ITS_STACK_SIZE 0x720
+
#endif /* __CONFIG_TEST_PSA_API_H__ */
diff --git a/config/tests/config_test_psa_api_crypto.h b/config/tests/config_test_psa_api_crypto.h
new file mode 100644
index 0000000..178d8e6
--- /dev/null
+++ b/config/tests/config_test_psa_api_crypto.h
@@ -0,0 +1,130 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __CONFIG_BASE_H__
+#define __CONFIG_BASE_H__
+
+/* Platform Partition Configs */
+
+/* Size of input buffer in platform service */
+#define PLATFORM_SERVICE_INPUT_BUFFER_SIZE 64
+
+/* Size of output buffer in platform service */
+#define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64
+
+/* The stack size of the Platform Secure Partition */
+#define PLATFORM_SP_STACK_SIZE 0x500
+
+/* Disable Non-volatile counter module */
+#define PLATFORM_NV_COUNTER_MODULE_DISABLED 0
+
+/* Crypto Partition Configs */
+
+/*
+ * Heap size for the crypto backend
+ * CRYPTO_ENGINE_BUF_SIZE needs to be much larger for PSA API tests.
+ */
+#define CRYPTO_ENGINE_BUF_SIZE 0x5000
+
+/* The max number of concurrent operations that can be active (allocated) at any time in Crypto */
+#define CRYPTO_CONC_OPER_NUM 8
+
+/* Disable PSA Crypto random number generator module */
+#define CRYPTO_RNG_MODULE_DISABLED 0
+
+/* Disable PSA Crypto Key module */
+#define CRYPTO_KEY_MODULE_DISABLED 0
+
+/* Disable PSA Crypto AEAD module */
+#define CRYPTO_AEAD_MODULE_DISABLED 0
+
+/* Disable PSA Crypto MAC module */
+#define CRYPTO_MAC_MODULE_DISABLED 0
+
+/* Disable PSA Crypto Hash module */
+#define CRYPTO_HASH_MODULE_DISABLED 0
+
+/* Disable PSA Crypto Cipher module */
+#define CRYPTO_CIPHER_MODULE_DISABLED 0
+
+/* Disable PSA Crypto asymmetric key signature module */
+#define CRYPTO_ASYM_SIGN_MODULE_DISABLED 0
+
+/* Disable PSA Crypto asymmetric key encryption module */
+#define CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED 0
+
+/* Disable PSA Crypto key derivation module */
+#define CRYPTO_KEY_DERIVATION_MODULE_DISABLED 0
+
+/* Default size of the internal scratch buffer used for PSA FF IOVec allocations */
+#define CRYPTO_IOVEC_BUFFER_SIZE 5120
+
+/* Use stored NV seed to provide entropy */
+#define CRYPTO_NV_SEED 1
+
+/*
+ * Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers,
+ * to optimize memory footprint in resource-constrained devices.
+ */
+#define CRYPTO_SINGLE_PART_FUNCS_DISABLED 0
+
+/* The stack size of the Crypto Secure Partition */
+#define CRYPTO_STACK_SIZE 0x1B00
+
+/* FWU Partition Configs */
+
+/* Size of the FWU internal data transfer buffer */
+#define TFM_FWU_BUF_SIZE PSA_FWU_MAX_WRITE_SIZE
+
+/* The stack size of the Firmware Update Secure Partition */
+#define FWU_STACK_SIZE 0x600
+
+/* Attest Partition Configs */
+
+/* Include optional claims in initial attestation token */
+#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 1
+
+/* Include COSE key-id in initial attestation token */
+#define ATTEST_INCLUDE_COSE_KEY_ID 0
+
+/* The stack size of the Initial Attestation Secure Partition */
+#define ATTEST_STACK_SIZE 0x700
+
+/* Set the initial attestation token profile */
+#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+
+/* ITS Partition Configs */
+
+/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#define ITS_CREATE_FLASH_LAYOUT 1
+
+/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#define ITS_RAM_FS 0
+
+/* Validate filesystem metadata every time it is read from flash */
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+
+/*
+ * The maximum asset size to be stored in the Internal Trusted Storage
+ * When building for the PSA Crypto API tests, ensure the ITS max asset size is
+ * set to at least the size of the largest asset created by the tests.
+ */
+#define ITS_MAX_ASSET_SIZE 1229
+
+/*
+ * Size of the ITS internal data transfer buffer
+ * (Default to the max asset size so that all requests can be handled in one iteration.)
+ */
+#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE
+
+/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#define ITS_NUM_ASSETS 10
+
+/* The stack size of the Internal Trusted Storage Secure Partition */
+#define ITS_STACK_SIZE 0x720
+
+#endif /* __CONFIG_BASE_H__ */